What we know about Lockbit, the world’s ‘most harmful’ hacker group, has now been dismantled

International – This is a major operation that will prove to be a landmark in the fight against cybercrime. Presented as Lockbit Hacker Group “most harmful” In the world, was dismantled during an international police operation, the authorities of several countries announced on Tuesday, February 20.

“After infiltrating the group’s network, the N.C.A (British Crime Fighting Agency, Editor’s Note) took control of LockBit’s services, compromising their entire criminal enterprise”The agency said in a statement. “We Hacked Hackers”Greet its managing director Graeme Biggar announcing the deactivation of Lockbit during “Operation Kronos” during a press conference in London.

“This site is now under police control”Now a message on the LockBit website indicates that the British NCA has taken control with the cooperation of the American FBI and agencies of several countries.

HuffPost This takes stock of joint operations.

• How does LockBit work?

LockBit is considered the most active malware in the world, claiming more than 2,500 victims worldwide. During its existence, its hackers were able to target complex infrastructures and large industrial groups, with ransom demands ranging from 5 to 70 million euros.

“Ransomware is estimated to be responsible for a good quarter of attacks worldwide, with Europe likely to hit”Emphasis on the world Jean-Philippe Lacoffe, Deputy Director of Operations at Europol. It describes a group very attractive” For pirates, because “ All the tools were provided.”.

Unlike other groups, Lockbit became a real company, selling its services to other hackers in exchange for a percentage.

In November 2022, the US Department of Justice (DoJ) classified Lockbit ransomware as “More active and more destructive types in the world”.

• How did the hackers actually proceed?

made cybercriminals available to them “Affiliates” The tools and infrastructure allow them to carry out attacks.

This involves infecting victims’ computer networks to steal their data and encrypt their files.

A ransom was then demanded in cryptocurrency to decrypt and recover the data, under penalty of publishing the victims’ data.

• How much money was LockBit able to raise?

The hacker group collected a total of more than $120 million in ransoms, according to the United States, where five people, including two Russian citizens, are being prosecuted.

In the United States alone, Lockbit has carried out more than 1,700 attacks since 2020 for nearly $91 million in ransoms, according to a US agency. franceinfo.

But according to the NCA, the damage caused by ransomware totals billions of euros if we add the costs to the victims to the ransom.

• Who was affected in France?

Of the 2,500 Lockbit victims, more than 200 are in France, “Including hospitals, town halls and companies of all sizes”, the Paris prosecutor’s office said in a statement. In 2023, the group notably attacked the hospitals of Corbel-Essons and Versailles in the Paris region.

During the international Kronos operation, French investigators made an arrest “Two targets in Poland and Ukraine” And according to the same source the search was conducted.

According to the Paris prosecutor’s office, the operation made it possible “Take control of a significant portion of the Lockbit ransomware infrastructure, including the darknet”And especially “Wall of Shame” (wall of shame) “Where the data of those who refused to pay the ransom was published”.

• What about Russia?

According to the NCA chief, the investigation has yielded no revelations “direct support” To the lockbit of the Russian state, but still a “tolerance” Towards Cybercrime in Russia. “They are cybercriminals, they are based all over the world, there is a large concentration of these individuals in Russia and they often speak Russian”He declared.

See also on HuffPost :